Cryptology ePrint Archive: Report 2012/284

Fabrice Ben Hamouda and Olivier Blazy and Céline Chevalier and David Pointcheval and Damien Vergnaud

Abstract: \emph{Authenticated Key Exchange} (AKE) protocols enable two parties to
establish a shared, cryptographically strong key over an insecure network
using various authentication means, such as cryptographic keys, short
(\emph{i.e.}, low-entropy) secret keys or \emph{credentials}.
In this paper, we provide a general framework, which we call
\emph{LAKE} for \emph{Language-Authenticated Key Exchange}, that encompasses
several previous AKE primitives such as \emph{(Verifier-based)
Password-Authenticated Key Exchange} or \emph{Secret Handshakes}.

We first model this general primitive in the \emph{Universal Composability}
(UC) setting.
Thereafter, we show that the Gennaro-Lindell approach can efficiently address
this goal.
This, however, requires \emph{smooth projective hash functions} on new
languages, whose efficient implementations are of independent interest.
We provide such hash functions for languages defined by combinations of
linear pairing product equations.

Combining these with an efficient commitment scheme derived from Lindell's
highly efficient UC-secure commitment, we obtain a very practical
realization of Secret Handshakes, as well as of \emph{Credential-Authenticated
Key Exchange protocols}. All the protocols are UC-secure, in the standard model
with a common reference string, under the classical Decisional Linear
assumption.